Nginx Configuration for HTTPS

Before we get into how to configure Nginx for HTTPS, we need to know why we need HTTPS. We already have HTTP, an internet protocol for transferring web content such as images, CSS and JavaScript. But it is not safe, because web content can be modified or stolen in transit. To address this, we add another layer, SSL, to HTTP. We will cover two cases: one uses an uncertified (self-signed) certificate generated with OpenSSL, the other uses a certified certificate from GoDaddy. The benefit of the first case is that it is free; by contrast, the disadvantage of the second is that it costs money. Before giving the detailed solution, we first introduce some basic concepts: SSL and HTTPS.

What is SSL?

An SSL certificate is a digital certificate used with the Secure Sockets Layer protocol to build a secure channel between the browser and the web server, so that data exchanged between client and server is encrypted to prevent eavesdropping by a third party. This layer is also called TLS (Transport Layer Security), or SSL/TLS.

What is HTTPS?

HTTPS places SSL beneath HTTP in order to provide a secure channel. In other words, HTTPS = HTTP over SSL/TLS. Now that the purpose is clear, let's see how to implement it.

How to do it?

Check Nginx configuration

>>nginx -V

Rebuild Nginx to support SSL

If your Nginx doesn't support SSL, you need to rebuild Nginx. Sometimes the libssl-dev package is missing; you can use “apt-get install libssl-dev” to add it. Others are as below.

Case 2:

Copy the SSL certificate from GoDaddy.

Download it from GoDaddy. You will get one zip archive; unzip it to find two .crt files. The one whose name starts with gd_bundle is the certificate chain (bundle) file; the other is the server's certificate. For Nginx, you need to merge the two into one file.

cat ***.crt gd_bundle-***.crt > server.crt

Note the order of the two files: the server's certificate comes first, then the bundle. If you reverse the order, you might get this error:

The next step is the same as in case 1: edit the Nginx configuration file to add the .key and .crt files.
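A way to check the merged file before restarting Nginx, as an added example that is not from the original post: it compares the public key of the first certificate in the merged file with the public key derived from the private key, which is the pairing that the file order above has to preserve. The function names, the server.key file name and the throwaway certificates built by make_demo_certs are assumptions for illustration.

```shell
#!/bin/sh
# Added example: check a merged server.crt before pointing Nginx at it.
# Function names and server.key are assumptions, not from the original post.

# Return 0 if the FIRST certificate in PEM file $1 belongs to private key $2.
# `openssl x509` reads only the first certificate in a file, and that is the
# certificate the private key has to match, so a bundle-first merge fails here.
check_merged_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || {
        echo "ERROR: cannot read a certificate from $1" >&2; return 2; }
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || {
        echo "ERROR: cannot read a private key from $2" >&2; return 2; }
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1") || count=0
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: first of $count certificate(s) in $1 matches $2"
        return 0
    fi
    echo "MISMATCH: first of $count certificate(s) in $1 does not match $2" >&2
    echo "Check that the server certificate comes before the bundle." >&2
    return 1
}

# Build throwaway test material in directory $1 (constructed, not real GoDaddy
# files): a self-signed stand-in for the bundle and a server certificate
# signed by it.
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Bundle CA" \
        -keyout "$d/ca.key" -out "$d/gd_bundle-demo.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -days 1 -CA "$d/gd_bundle-demo.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/demo.crt" 2>/dev/null
}

# Usage: sh check_cert.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    check_merged_cert "$1" "$2"
fi
```
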

Support HTTP/HTTPS:

So far, Nginx only supports HTTPS, not HTTP. The fix is quite simple: redirect requests from http to https. Here is the additional code you need to add to the Nginx configuration file:

Problems:

After configuring and restarting Nginx, we might still run into some problems. Check logs/error.log to see what happened. Here are some errors that I met.

1. the “ssl” parameter requires ngx_http_ssl_module

You can see that in the first step I already re-configured Nginx with “--with-http_ssl_module” and then used “nginx -V” to check the Nginx configuration, which showed that Nginx was already configured with SSL, so why did I still get this error? The main reason is that even though I used the “sudo nginx -s reload” command to reload the configuration file, the running Nginx was still the old one, not the rebuilt one. Here I needed to use “sudo nginx -s stop” to stop Nginx first and then restart it with “sudo nginx”.